DETAILED ACTION

1. This action is in response to the communication filed on June 16, 2005. Claims 1,
4, 7 and 10 have been amended and new Claims 27 - 36 are added. Claims 13-20 
have been cancelled. Therefore, Claims 1-12 and 21 - 36 are pending. 

Response to Remarks/Arguments 

2. Applicant's arguments/remarks filed 6/16/2005 have been fully considered but 
they are not persuasive for the following reasons: 

Claim Rejections - 35 USC §112 

The following is a quotation of the first paragraph of 35 U.S.C. 112: 

The specification shall contain a written description of the invention, and of the manner and process of making 
and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it 
pertains, or with which it is most nearly connected, to make and use the same and shall set forth the best mode 
contemplated by the inventor of carrying out his invention. 

3. Claims 1 - 6, 7 - 12 and 21 - 36 are rejected under 35 U.S.C. 112, first
paragraph, as failing to comply with the written description requirement. The claim(s) 
contains subject matter which was not described in the specification in such a way as to 
reasonably convey to one skilled in the relevant art that the inventor(s), at the time the 
application was filed, had possession of the claimed invention. 

The amended independent Claims 1, 7 and new independent Claims 27 and 32,
read, "... plurality of separately secured remote applications ...", "... separately-secured
computer applications ...", "... first secured computer application ...", "... second
separately-secured computer application....", and Claims 27 and 32 further read "...
storing a link ... retrieving the link;".

With respect to "... plurality of separately secured remote applications ...",
"... separately-secured computer applications ...", "... first secured computer application ...",
"... second separately-secured computer application....", although the specification
discloses the authorization servers (16) are coupled with user computers (12) and the
application servers (14) via the communications network (22) and are provided for
authenticating and authorizing the user computers, the specification does not disclose
"... plurality of separately secured remote applications ...", "... separately-secured
computer applications ...", "... first secured computer application ...", "... second
separately-secured computer application....". The specification does not indicate how
"... plurality of separately secured remote applications ...", "... separately-secured
computer applications ...", "... first secured computer application ...", "... second
separately-secured computer application...." are implemented to authenticate and
authorize a computer user. Applicant's amendment does not clarify "... plurality of
separately secured remote applications ...", "... separately-secured computer
applications ...", "... first secured computer application ...", "... second
separately-secured computer application...." and merely recites the claims 1 and 7 and
summarizes claims 27 - 36.

With respect to "... storing a link ... retrieving the link;", the specification does
not indicate how to "... storing a link ... retrieving the link;" are configured to
authenticating and authorizing the user to a plurality of separately-secured computer
applications anywhere in the specification. Applicant remarks/arguments do not
address "... storing a link ... retrieving the link;" and merely summarizes claims 27 -
36.

The dependent claims 2 - 6, 8 - 12, 21 - 26, 28 - 31 and 33 - 36 are rejected at 
least by virtue of their dependency on the dependent claims. 

For examination purposes, "... plurality of separately secured remote applications
...", "... separately-secured computer applications ...", "... first secured computer
application ...", "... second separately-secured computer application....", are broadly
interpreted as applications and "... storing a link ... retrieving the link;" broadly
interpreted as storing user identification.

4. Applicant agrees with the Examiner that the cited prior arts [Alegre et al. U.S. 
Patent 6,199,113, Hartman et al. U.S. Patent 5,960,411, Blanco et al. U.S. Patent
6,539,482], disclose "a session key that is stored at a client browser and used to access 
a trusted network" but argues that prior art does not disclose or suggest "separately- 
secured computer applications that are remotely launched by a user", "multiple 
application that each requires its own separate authorization" and "using a directory to 
store an object accessed by more than one application for purposes of authentication".

Alegre discloses in part, a system providing access to a resource comprises a 
device for storing a key based on requester authentication; a device for forwarding the 
key to requester; a device for receiving an original request and the key from the 
requester, a device for processing the original request and the key from the requester to 
form a network request; a device for transferring the network request to a trusted 
network. Alegre further discloses a device for processing the network request to extract 
the key if the network request was processed by the device for processing the original 
request and the key; and a device for performing the original request if the key is valid. 

Hartman discloses a method and a system for placing an order to purchase an 
item over the Internet and placing the selection of various items from the electronic 
catalogs based on the "shopping cart" model (prior art. Background of the invention), 
wherein the client system displays information that identifies the item and displays an 
indication of an action that a purchaser is to perform to order the identified item.
Hartman further discloses that the client system sends to a server system the provided 
identifier and a request to order the identified item wherein the server system uses the 
identifier to identify additional information needed to generate an order for the item and 
then generates the order. 

Blanco discloses an authentication procedure, which allows a centralized 
administration of user data without creating security breaches in networks providing 
remote access. Blanco further discloses a directory service containing a remote access 
password using an authentication protocol and directory service protocols, such as 
LDAP, wherein LDAP protocol is designed to provide access to directories supporting
the X.500 model. 



5. Regarding currently amended independent claims 1, 7 and new independent
claims 27 and 32, Applicant argues that Alegre does not teach "... plurality of separately
secured remote applications ...", "... separately-secured computer applications ...", "...
first secured computer application ...", "... second separately-secured computer
application....", and "... storing a link ... retrieving the link;". These arguments are
not found persuasive. Alegre discloses, "... plurality of separately secured remote
applications ...", "... separately-secured computer applications ...", "... first secured
computer application ...", "... second separately-secured computer application....",
(Alegre Column 5 line 8 - Column 6 line 68 and Column 8 lines 16 - 27). Alegre further
discloses "... storing a link ... retrieving the link;" (Column 4 line 25 - Column 5 line
20).



6. Therefore, the examiner respectfully asserts that the cited prior arts do teach or
suggest the amended subject matter "... plurality of separately secured remote
applications ...", "... separately-secured computer applications ...", "... first secured
computer application ...", "... second separately-secured computer application....", and
"... storing a link ... retrieving the link;", broadly recited in the amended independent
claims 1 and 7 and new independent claims 27 and 32. The dependent claims 2 - 6, 8 -
12, 21 - 26, 28 - 31 and 33 - 36 are rejected at least by virtue of their dependency on
the dependent claims and by other reason set forth in this office action. Accordingly, the
rejection for the pending claims 1-12 and 21 - 36 is respectfully maintained.



Claim Rejections - 35 USC § 102 



The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 



7. Claims 1 - 4, 7 - 10, 21, 24, 27, 29, 30, 32, 34 and 35 are rejected under 35
U.S.C. 102(e) as being anticipated by Alegre et al. (U.S. Patent Number 6,199,113).

8. Regarding Claim 1, Alegre teaches and describes

storing security information for a plurality of computer users in a user profile 
database (Column 4 lines 8 - 36); 

the user launching a first secured computer application on an application server 
(Column 4 lines 8-36); 

receiving at an authorization server coupled with the user profile database log-in
information from the computer user who has launched a computer application
(Column 4 lines 8-40);

in response to step b, creating a Session ID for the computer user with the 
authorization server (Column 4 lines 8-40 and Column 6 lines 24 - 42); 

storing at least a portion of the Session ID on the user's computer (Column 4 
lines 8 -42); 

also in response to step b, creating an object associated with the computer user 
or the Session ID (Column 4 lines 8-42 and Column 5 lines 8 - 20); 

storing the object dynamically in a directory stored in a directory server coupled 
with the authorization server and the application server (Column 5 line 48 - Column 6 
line 49); 

copying at least some of the security information relating to the computer user 
from the user profile database to the object in the directory (Column 6 lines 24 - 67); 

comparing the log-in information entered by the computer user to the security 
information for the computer user and allowing the computer user access to the first
secured computer application if the user is an authenticated or authorized user of the 
first secured computer application (Column 6 lines 24 - 49); and 

the user launching a second separately-secured computer application on an 
application server (Column 4 lines 48 - 67 and Column 8 lines 22-44); 

the second separately-secured computer application reading the Session ID on 
the user's computer (Column 6 lines 6 - 68); and 

the second separately-secured computer applications accessing the object for
the computer user on the directory server in response to the Session ID to authenticate 
or authorize the user for the second separately-secured computer applications (Column 
5 line 48 - Column 6 line 49). 

9. Regarding Claim 7, Alegre teaches and describes 

a user profile database for storing security information for a plurality of computer 
users (Column 4 lines 8 - 36); 

an authorization server coupled with the user profile database for receiving log-in 
information from a computer user who has launched a first secured computer 
application, for creating a Session ID for the computer user, for storing at least a portion 
of the Session ID on the user's computer and for creating an object associated with the 
computer user or the Session ID (Column 4 lines 8 - 42; Column 5 lines 8-20 and 
Column 6 lines 24 - 42); and 

a directory stored in a directory server coupled with the authorization server for 
dynamically storing the object created by the authorization server (Column 6 lines 24 - 
34), 

the authorization server being further operable for copying at least some of the 
security information relating to the computer user from the user profile database to the 
object in the directory, comparing log-in information entered by the computer user to the 
security information for the computer user and allowing the computer user access to the 
launched first secured computer application if the user is an authenticated or authorized
user of the computer application (Column 5 line 48 - Column 6 line 49), 

the directory server permitting other separately-secured computer applications 
launched by the computer user to reference the Session ID read by the separately- 
secured computer applications on the user's computer so that the other separately- 
secured computer applications may access the object for the computer user on the 
directory server to authenticate or authorize the user for the other separately-secured 
computer applications (Column 6 lines 6 - 67). 

10. Regarding Claim 27, Alegre teaches and describes

the user remotely launching a first secured computer application from a user 
computer (Column 4 lines 8 - 36); 

authenticating and authorizing the user to the first secured computer application 
by exchanging security information between the user and an authorization server 
(Column 5 line 48 - Column 6 line 49); 

storing at least a portion of the security information in an object within a dynamic 
directory on a directory server (Column 5 line 48 - Column 6 line 49); 

storing a link to the object on the user computer (Column 4 lines 25 - 54); 

the user remotely launching a second separately-secured computer application 
on an application server (Column 4 lines 48 - 67 and Column 8 lines 22 - 44); 

retrieving the link (Column 4 lines 25 - 54); 

authenticating and authorizing the user to the second separately-secured
computer application by exchanging the stored security information between the 
directory server and the application server (Column 5 line 48 - Column 6 line 49). 

11. Regarding Claim 32, Alegre teaches and describes 

an authorization server for authenticating and authorizing the user to secured 
computer applications by exchanging security information between the user and the 
authorization server when a first secured computer application is launched by the user 
(Column 5 line 48 - Column 6 line 49); 

a directory server storing at least a portion of the security information in an object 
within a dynamic directory, wherein a link to the object is stored on the user computer; 
and 

an application server implementing a second separately-secured computer 
application for remote launching by the user, wherein the second separately-secured 
computer application retrieves the link, and wherein the user is authenticated and 
authorized to the second separately-secured computer application by exchanging the 
stored security information between the directory server and the application 
server (Column 5 line 48 - Column 6 line 67).

12. Claims 2 and 8 are rejected as applied above in rejecting claims 1 and 7.
Furthermore, Alegre teaches and describes the security information including 
authentication and authorization information (Column 4 lines 48
lines 55 - Column 8 line 20). 

13. Claims 4, 10, 29 and 34 are rejected as applied above in rejecting claims 1 and 
7. Furthermore, Alegre teaches and describes the Session ID being based on at least 
one of the following: a date on which the computer user launched the first secured 
computer application; a time in which the computer user launched the first secured 
computer application; a TCP/IP address of the computer user; and a user name of the 
computer user (Column 3 lines 1-11, Column 5 lines 8-36 and Column 6 lines 24 - 
68). 

14. Claims 3 and 9 are rejected as applied above in rejecting claims 2 and 8. 
Furthermore, Alegre teaches and describes the authentication and authorization 
information including at least one of the following: user names, user IDs, passwords, 
public-key data, certificates, and access control information (Column 5 line 8 - Column 
6 line 65). 

15. Claims 21 and 24 are rejected as applied above in rejecting claims 1 and 7. 
Furthermore, Alegre teaches and describes wherein the other computer applications 
access the object on the directory server using a dynamic directory service (Column 5 
line 48 - Column 6 line 49). 

16. Claims 30 and 35 are rejected as applied above in rejecting claims 27 and 32.
Furthermore, Alegre teaches and describes the steps of: 

one of the secured computer applications storing application data in the object; 
and the other one of the secured computer applications retrieving the application data 
according to the link (Column 4 lines 32 - 67). 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

17. Claims 5, 6, 11, 12, 31 and 36 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Alegre et al. (U.S. Patent Number 6,199,113, hereinafter "Alegre") in
view of Hartman et al. (U.S. Patent Number 5,960,411 hereinafter "Hartman").

18. Claims 5, 11, 31 and 36 are rejected as applied above in rejecting claims 1, 7,
30 and 35. Alegre does not explicitly disclose that the method for dynamically tracking a 
user session includes the steps of creating a shopping cart and storing the shopping 
cart along with the object in the directory. However, Hartman discloses a method for 
creating a shopping cart and storing the shopping cart along with a unique client 
identifier (cookie), purchaser-specific information (Hartman Column 3 line 31 - Column 
6 line 21). Therefore it would have been obvious to one having ordinary skill in the art at
the time the invention was made to modify Hartman's shopping cart system into the 
dynamically tracking user session system of Alegre. 

Alegre could have been modified by Hartman to arrive at the claimed invention by
having the shopping cart with user purchase information to be saved on the directory as 
taught by Hartman (See Hartman Column 3 line 31 - Column 8 line 25) and as 
suggested by Alegre (See Alegre Column 7 line 3 - Column 8 line 53). One of ordinary 
skill in the art would have been motivated to modify Alegre by Hartman as discussed 
above because in a shopping cart systems user profiles are stored in a directory as 
taught by Hartman and employing the shopping cart within Alegre would provide an 
efficient and secure method for dynamically tracking a user session.

19. Claims 6 and 12 are rejected as applied above in rejecting claims 5 and 11.
Furthermore, Alegre teaches and describes the steps of allowing the user to select 
items to be purchased and storing information relating to the selected items in the 
shopping cart (Hartman Column 3 line 46 - Column 4 line 26; Column 5 line 27 - 
Column 6 line 21 and Column 7 line 57 - Column 8 line 25). 

20. Claims 22, 23, 25, 26, 28 and 33 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Alegre et al. (U.S. Patent Number 6,199,113, hereafter "Alegre") in
view of Blanco et al. (U.S. Patent Number 6,539,482, hereafter "Blanco"). 

21. Claims 22, 25, 28 and 33 are rejected as applied above in rejecting claims 21
and 24. Furthermore, Alegre teaches and describes wherein the other computer 
applications access the object on the directory server using a dynamic directory service 
(Column 5 line 48 - Column 6 line 49). Alegre does not explicitly disclose that the 
dynamic directory service comprises the lightweight directory access protocol (LDAP). 
However, Blanco discloses a network access authentication system that gathers the 
data concerning the users, including authentication data, in a data base of a directory, 
which uses Light weight directory access protocol which is specifically targeted at 
management applications and browsing applications that provide interactive access to 
directories (Blanco Column 3 lines 22 - 67). 

22. Motivation to combine Blanco with Alegre comes from the need to provide 
authentication and authorization of a user available to an authorization server coupled 
with a directory server that stores the authentication (user) data. Alegre provides a 
discussion of the need for security and authorization information for all the resources 
that a user can access but is silent as to the specific details of the LDAP, see Alegre 
Column 1 line 51 - Column 2 line 35 (especially Column 2 lines 24 - 35). It would have 
been obvious to one of ordinary skill in the art to combine Alegre with Blanco because 
LDAP provides the authentication data stored in the directory available to all the 
applications that are associated with a directory server and provides interactive access 
to directories. 

23. Claims 23 and 26 are rejected as applied above in rejecting claims 21 and 24.
Furthermore, Alegre teaches and describes wherein the other computer applications 
access the object on the directory server using a dynamic directory service (Column 5 
line 48 - Column 6 line 49). Alegre does not explicitly disclose that the dynamic 
directory service comprises the X.500 access protocol. However, Blanco discloses a 
network access authentication system that gathers the data concerning the users, 
including authentication data, in a data base of a directory, which uses Light weight 
directory access protocol that supports X.500 access protocol (Blanco Column 3 lines 
22-67). 

24. Motivation to combine Blanco with Alegre comes from the need to provide 
authentication and authorization of a user available to an authorization server coupled 
with a directory server that stores the authentication (user) data. Alegre provides a 
discussion of the need for security and authorization information for all the resources 
that a user can access but is silent as to the specific details of the LDAP, see Alegre 
Column 1 line 51 - Column 2 line 35 (especially Column 2 lines 24 - 35). It would have 
been obvious to one of ordinary skill in the art to combine Alegre with Blanco because 
LDAP which supports X.500 access protocol, provides the authentication data stored in 
the directory available to all the applications that are associated with a directory server 
and provides interactive access to directories. 

Conclusion

25. Examiner's Note: Examiner has cited particular columns and line numbers in the 
references as applied to the claims above for the convenience of the applicant. 
Although the specified citations are representative of the teachings in the art and are 
applied to the specific limitations within the individual claim, other passages and figures 
may apply as well. It is respectfully requested from the applicant, in preparing the 
responses, to fully consider the references in entirety as potentially teaching all or part 
of the claimed invention, as well as the context of the passage as taught by the prior art 
or disclosed by the examiner.

Applicant is urged to consider the references. However, the references should be 
evaluated by what they suggest to one versed in the art, rather than by their specific 
disclosure. If applicants are aware of any better prior art than those that are cited, they are
required to bring the prior art to the attention of the examiner. 

Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Pramila Parthasarathy whose telephone number is
571-272-3866. The examiner can normally be reached on 8:00 a.m. to 5:00 p.m. If attempts
to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Ayaz
Sheikh can be reached on 571-232-3795. Any inquiry of a general nature or relating to
the status of this application or proceeding should be directed to the receptionist whose
telephone number is 703-305-3900.

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR only. For more 
information about the PAIR system, contact the Electronic Business Center (EBC) at 
866-217-9197 (toll-free). 

Pramila Parthasarathy 
August 19, 2005. 